Appendix B. Tutorial: Access Lists

 

Access lists are probably misnamed these days. As the name implies, the original intention of an access list was to permit or deny access of packets into, out of, or through a router. Access lists have become powerful tools for controlling the behavior of packets and frames. Their use falls into three categories (Figure B.1):

  • Security filters protect the integrity of the router and the networks to which it is passing traffic. Typically, a security filter permits the passage of a few, well-understood packets and denies the passage of everything else.

  • Traffic filters prevent unnecessary packets from passing onto limited-bandwidth links. These filters look and behave much like security filters, but the logic is generally inverse: Traffic filters deny the passage of a few unwanted packets and permit everything else.

  • Many tools available on Cisco routers, such as dialer lists, route filters, route maps, and queuing lists, must be able to identify certain packets to function properly. Access lists may be linked to these and other tools to provide this packet identification function.
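The inverse logic of the first two categories, shown as an added Cisco IOS configuration sketch (not taken from the book). The list numbers, interface names and addresses are assumptions; the addresses are drawn from the documentation range 192.0.2.0/24.

```cisco
! Constructed example. List numbers, interfaces and addresses are assumptions.
!
! Security filter: permit a few well-understood packets, deny everything else.
access-list 101 remark Security filter for the public server segment
access-list 101 permit tcp any host 192.0.2.25 eq smtp
access-list 101 permit tcp any host 192.0.2.80 eq www
access-list 101 permit udp any host 192.0.2.53 eq domain
! Return traffic for TCP sessions opened from the inside.
access-list 101 permit tcp any 192.0.2.0 0.0.0.255 established
! Every list ends in an implicit "deny any"; writing it out with "log"
! makes the dropped packets visible in counters and syslog.
access-list 101 deny   ip any any log
!
! Traffic filter: deny a few unwanted packets, permit everything else.
access-list 102 remark Traffic filter for the low-bandwidth WAN link
access-list 102 deny   udp any any eq netbios-ns
access-list 102 deny   udp any any eq netbios-dgm
access-list 102 deny   udp any any eq tftp
! Without this line the implicit deny would drop all remaining traffic.
access-list 102 permit ip any any
!
interface Serial0
 description Internet-facing link (assumed)
 ip access-group 101 in
!
interface Serial1
 description Low-bandwidth link (assumed)
 ip access-group 102 out
```

The closing line is what separates the two styles: the security filter can rely on the implicit deny, while the traffic filter must end with an explicit permit.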

Figure B.1. Access lists are used as security filters, as traffic filters, and for packet identification.




Routing TCP/IP (Vol. 11998)
Year: 2004
Pages: 224
